GDPR Privacy Notice – May 2018
This Privacy Notice explains what Personal Data the practice holds, why we hold and process it, who we might share it with, and your rights and freedoms by Law under the terms of the Data Protection Act 2017 and the requirements of the EU General Data Protection Regulation.
Types of Personal Data
The practice holds personal data in the following categories:
- Patient clinical and health data and correspondence.
- Staff employment data.
- Suppliers/Contractors’ data.
Why we process Personal Data (what is the “purpose”)
“Process” means we obtain, store, update and archive data.
- Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective care and treatment.
- Staff employment data is held in accordance with Employment, Taxation and Pensions law.
- Supplier/Contractors’ data is held for the purpose of managing their contracts.
What is the Lawful Basis for Processing Personal Data?
The Law says we must tell you this:
- We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively.
- We hold staff employment data because it is a Legal Obligation for us to do so.
- We hold suppliers/contractors’ data because it is needed to Fulfill a Contract with us.
Who might we share your data with?
We can only share data if it is done securely and it is necessary to do so.
- Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or need laboratory work undertaken). All data held by the practice including patient data is held on a secure encrypted computer system.
- Employment data will be shared with government agencies such as HMRC.
You have the right to:
- Be informed about the personal data we hold and why we hold it.
- Access a copy of your data that we hold by contacting us directly: we will acknowledge your request and supply a response within one month or sooner.
- Check the information we hold about you is correct and to make corrections if necessary
- Have your data erased in certain circumstances.
- Transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
- Tell us not to actively process or update your data in certain circumstances.
How long is the Personal Data stored for?
- We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes as recommended by the NHS or other trusted experts recommend.
- We must store employment data for six years after an employee has left.
- We must store contractors’ data for seven years after the contract is ended.
What if you are not happy or wish to raise a concern about our data processing?
You can complain in the first instance to our Data Protection Officer, Mr Richard Christian. We will do our best to resolve the matter. If this fails, you can complain to the Information Commissioner at www.ico.org.uk/concerns or by calling 0303 123 1113.
Dr Sagoo medical director
- 1. PRIVACY STATEMENT
- 2. DATA PROTECTION REGULATIONS
- 3. WHAT INFORMATION DO WE COLLECT FROM YOU?
- 4. COOKIES
- 5. HOW DO WE USE THE INFORMATION?
- 6. HOW DO WE HANDLE YOUR INFORMATION?
- 7. TO WHOM MAY WE DISCLOSE YOUR INFORMATION?
- 8. HOW CAN I CONTROL USE OF MY INFORMATION?
- 9. CHANGES TO PRIVACY STATEMENT
- 10. YOUR RIGHT TO COMPLAIN
THE SOLIHULL MEDICAL COSMETIC CLINIC. THIS IS OUR PRIVACY STATEMENT WHICH DETAILS HOW WE USE YOUR PERSONAL DATA (“PERSONAL DATA”) WHEN YOU USE OUR WEBSITE WWW.SOLIHULLMEDICALCOSMETICCLINIC.CO.UK WE TAKE OUR DATA PROTECTION RESPONSIBILITIES SERIOUSLY.
1 PRIVACY STATEMENT
1.2 THE NEW EUROPEAN GENERAL DATA PROTECTION REGULATION (TO BE IMPLEMENTED IN THE UK ON 25 MAY 2018) (THE “REGULATIONS”) SET OUT OUR RESPONSIBILITIES. WE HAVE TO PROTECT YOUR DATA.
1.4 ANY QUESTIONS, COMMENTS AND REQUESTS YOU MAY HAVE REGARDING THIS PRIVACY STATEMENT ARE WELCOMED AND SHOULD BE ADDRESSED TO: DATA PROTECTION OFFICER SOLIHULL MEDICAL COSMETIC CLINIC 20 CHELMSLEY LANE , MARSTON GREEN B377BG
2.1 FOR THE PURPOSES OF THIS PRIVACY STATEMENT: (A) WE DETERMINE THE PURPOSES FOR WHICH AND THE MANNER IN WHICH YOUR PERSONAL DATA IS, OR IS TO BE PROCESSED, AND WE ARE KNOWN AS THE DATA CONTROLLER (“DATA CONTROLLER”); AND (B) IN SUBMITTING YOUR DATA AND INFORMATION TO US TO COLLECT, HANDLE AND PROCESS, YOU WILL BE THE INDIVIDUAL WHO IS THE SUBJECT OF THE DATA (THE “DATA SUBJECT”); AND (C) IN PROCESSING YOUR DATA AND INFORMATION, ANY OTHER PARTIES CONTRACTED TO PROCESS DATA BY THE DATA CONTROLLER WILL BE KNOWN AS (“DATA PROCESSORS”).
- WHAT INFORMATION DO WE COLLECT FROM YOU?
3.1 WE MAY COLLECT AND PROCESS THE FOLLOWING DATA AND INFORMATION THAT YOU GIVE US IF YOU FILL IN THE ACCOUNT REGISTRATION FORM, PLACE AN ORDER FOR GOODS, OR IF YOU SUBMIT CONTENT ON OUR WEBSITE OR OTHERWISE BY CORRESPONDING WITH US BY PHONE EMAIL OR OTHERWISE: (A) NAME AND DATE OF BIRTH; (B) CONTACT INFORMATION INCLUDING ADDRESS, EMAIL ADDRESS, PHONE NUMBER; (C) INFORMATION NECESSARY FOR THE PURPOSES OF SUBMITTING AN ORDER FOR PRESCRIPTION PRODUCTS APPLICATION; (D) PRESCRIBED MEDICATION AND DIRECTIONS FOR USE.
3.2 WE UNDERSTAND THAT THE DATA COLLECTED AT 3.1(C) AND 3.1(D) IS SENSITIVE PERSONAL DATA.
3.3 WE WILL COLLECT AND PROCESS THE FOLLOWING DATA AUTOMATICALLY FROM YOUR VISIT TO OUR WEBSITE: (A) TECHNICAL INFORMATION, INCLUDING THE INTERNET PROTOCOL (IP) ADDRESS USED TO CONNECT YOUR COMPUTER TO THE INTERNET, YOUR LOGIN INFORMATION, BROWSER TYPE AND VERSION, TIME ZONE SETTING, BROWSER PLUG-IN TYPES AND VERSIONS, OPERATING SYSTEM AND PLATFORM; (B) INFORMATION ABOUT YOUR VISIT, INCLUDING THE FULL UNIFORM RESOURCE LOCATOR (URL), CLICKSTREAM TO, THROUGH AND FROM OUR WEBSITE (INCLUDING DATE AND TIME), PRODUCTS YOU VIEWED OR SEARCHED FOR, PAGE RESPONSE TIMES, DOWNLOAD ERRORS, LENGTH OF VISITS TO CERTAIN PAGES, PAGE INTERACTION INFORMATION (SUCH AS SCROLLING, CLICKS, AND MOUSE-OVERS), METHODS USED TO BROWSE AWAY FROM THE PAGE, AND ANY PHONE NUMBER USED TO CALL OUR CUSTOMER SERVICE NUMBER AND ANY OTHER ANONYMISED DATA OR METRICS THAT IDENTIFY USER BEHAVIOUR AND THE HABITS OF WEB VISITORS.
4.2 YOU MAY CHOOSE TO ACCEPT OR DECLINE COOKIES BY MODIFYING YOUR OWN BROWSER’S SETTINGS.
- HOW DO WE USE THE INFORMATION?
5.1 WE SHALL USE THE DATA AND INFORMATION YOU GIVE TO US:; (a) TO KEEP AND MAINTAIN OUR INTERNAL BUSINESS RECORDS; (b) FOR OUR INTERNAL TRAINING PURPOSES; (c) IF YOU GIVE US EXPRESS CONSENT, TO PROVIDE YOU WITH OUR OWN TAILORED MARKETING INFORMATION THAT WE THINK MAY SUIT YOUR INTERESTS AND NEEDS.
5.2 WE RESERVE THE RIGHT TO ADD TO THE LIST OF USES IN CLAUSE 5.1. WE SHALL NOT USE PRE-COLLECTED DATA AND INFORMATION FOR ANY NEW USES OF YOUR DATA WITHOUT CONSULTING YOU AND OBTAINING YOUR EXPRESS CONSENT IF WE ARE REQUIRED TO DO SO UNDER THE REGULATIONS.
5.4 WE RESERVE THE RIGHT TO ANONYMISE YOUR DATA TO OBTAIN ANALYSIS WHILE RETAINING YOUR PRIVACY.
- HOW DO WE HANDLE YOUR INFORMATION?
6.1 THE DATA AND INFORMATION WE COLLECT FROM YOU WILL BE TRANSFERRED TO AND SECURELY STORED BY OUR HOSTING THIRD PARTY
6.2 WE ARE COMMITTED TO ENSURING THAT YOUR DATA AND INFORMATION IS SECURE. IN ORDER TO PREVENT UNAUTHORISED ACCESS OR DISCLOSURE, WE HAVE PUT IN PLACE SUITABLE PHYSICAL, ELECTRONIC AND OFFICERIAL PROCEDURES TO SAFEGUARD AND SECURE THE INFORMATION WE COLLECT ONLINE, INCLUDING: (A) ALL DATA AND INFORMATION YOU PROVIDE TO US IS STORED ON SECURE SERVERS; (B) ANY PAYMENT TRANSACTIONS WILL BE ENCRYPTED USING SSL TECHNOLOGY; (C) WHERE WE HAVE GIVEN YOU (OR WHERE YOU HAVE CHOSEN) A PASSWORD WHICH ENABLES YOU TO ACCESS CERTAIN PARTS OF OUR WEBSITE, YOU ARE RESPONSIBLE FOR KEEPING THIS PASSWORD CONFIDENTIAL. WE ASK YOU NOT TO SHARE A PASSWORD WITH ANYONE; (D) ERASING OF INFORMATION, AND DESTRUCTION OF ANY COPIES KEPT; (E) REGULARLY UPDATING OUR REVIEW PROCEDURE.
6.3 ANY SENSITIVE PERSONAL DATA THAT WE COLLECT AS DESCRIBED AT CLAUSE 3.1(C) AND 3.1(D) SHALL BE PROCESSED IN ACCORDANCE WITH THE REGULATIONS, AND ONLY TO PERMIT US TO PROCESS YOUR REQUEST OR ENQUIRY. YOUR SENSITIVE PERSONAL DATA WILL BE STORED SECURELY AND WILL NOT BE PASSED ON TO THIRD PARTIES.
- TO WHOM MAY WE DISCLOSE YOUR INFORMATION?
7.1 IN PROVIDING US WITH DATA AND INFORMATION, YOU AGREE THAT WE MAY DISCLOSE SUCH INFORMATION, WHERE NECESSARY FOR THE PURPOSES AND USES LISTED IN CLAUSE 5, TO: (A) OUR EMPLOYEES, AGENTS REPRESENTATIVES AND ANY DATA PROCESSORS OFFICIALLY CONTRACTED TO PROCESS THE DATA ON OUR BEHALF; (B) SELECTED THIRD PARTIES INCLUDING: (I) BUSINESS PARTNERS, SUPPLIERS AND SUB-CONTRACTORS FOR THE PERFORMANCE OF ANY CONTRACT WE ENTER INTO WITH YOU; (II) ANALYTIC AND SEARCH ENGINE PROVIDERS THAT ASSIST US IN THE IMPROVEMENT AND OPTIMISATION OF OUR WEBSITE; (C) ANY OTHER THIRD PARTIES WE ARE LEGALLY OBLIGED TO DISCLOSE YOUR INFORMATION TO.
7.2 WE WILL ONLY DISCLOSE YOUR PERSONAL DATA TO PARTIES WHO BEAR SUFFICIENT LEGAL RESPONSIBILITY FOR ITS PROTECTION AND WHO HAVE SUFFICIENT PRIVACY AND SECURITY MEASURES IN PLACE TO REASONABLY ENSURE THAT IT WILL BE PROTECTED AND HANDLED APPROPRIATELY.
- HOW CAN I CONTROL USE OF MY INFORMATION?
8.1 YOU MAY CHOOSE TO RESTRICT THE COLLECTION OR USE OF YOUR PERSONAL DATA IN THE FOLLOWING WAYS: (. IF YOU DO NOT CONSENT WE SHALL ASSUME THAT YOU DO NOT WANT THE DATA AND INFORMATION TO BE USED BY US OR BY THIRD PARTIES FOR ANALYTICAL, MARKETING AND PROMOTIONAL PURPOSES; (B) IF YOU HAVE PREVIOUSLY AGREED TO US USING YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU MAY CHANGE YOUR MIND AT ANY TIME BY WRITING TO US AT, DATA PROTECTION OFFICER, THE SOLIHULL MEDICAL COSMETIC CLINIC 20 CHELMSLEY LANE MARSTON GREEN B37 7BG.
8.2 THE REGULATIONS GIVES YOU THE RIGHT TO ACCESS INFORMATION HELD ABOUT YOU. YOUR RIGHT OF ACCESS CAN BE EXERCISED IN ACCORDANCE WITH THE ACT. ANY ACCESS REQUEST WILL BE FREE. IF YOU WOULD LIKE A COPY OF THE INFORMATION HELD ON YOU PLEASE WRITE TO US AT DATA PROTECTION OFFICER, THE SOLIHULL MEDICAL COSMETIC CLINIC 20 CHELMSLEY LANE MARSTON GREEN B37 7BG.
8.3 IF YOU BELIEVE THAT ANY INFORMATION WE ARE HOLDING ON YOU IS INCORRECT OR INCOMPLETE, PLEASE WRITE TO OR EMAIL US AS SOON AS POSSIBLE, AT THE ABOVE ADDRESS. WE WILL PROMPTLY CORRECT ANY INFORMATION FOUND TO BE INCORRECT.
- CHANGES TO PRIVACY STATEMENT
9.1 WE RESERVE THE RIGHT TO MAKE CHANGES TO THIS POLICY WITHOUT NOTICE FROM TIME TO TIME BY UPDATING THIS PAGE. EVERY TIME YOU WISH TO USE OUR WEBSITE, PLEASE CHECK THE STATEMENT TO ENSURE YOU UNDERSTAND THE TERMS THAT APPLY AT THAT TIME. 9.2 THE CURRENT STATEMENT WAS MADE EFFECTIVE AS OF MAY 2018 AND INCORPORATES THE REQUIREMENTS OF THE NEW GDPR DUE IN EFFECT 25TH MAY 2018.
- YOUR RIGHT TO COMPLAIN
10.1 IF YOU BELIEVE THAT YOUR INFORMATION HELD BY US IS NOT BEING HANDLED PROPERLY, YOU HAVE THE RIGHT TO COMPLAIN TO THE DATA COMMISSIONER.